Post B2IyO85MJfWIjYJOTo by randrews@somewhy.net
(DIR) Post #B1A1dh8HqvodtPZMcS by OpenComputeDesign@linuxrocks.online
2025-12-12T02:03:50Z
0 likes, 0 repeats
Hear me out... I've been thinking about it, and the S in HTTPS is completely 100% superfluous on the vast, _vast_ majority of websites
(DIR) Post #B1A1di6uDYIyvPvm6a by trevdev@fosstodon.org
2025-12-12T03:49:44Z
0 likes, 0 repeats
@OpenComputeDesign because the majority of websites either should be, or already are, secured with TLS?
(DIR) Post #B1A1dj94Mzd88Px17I by OpenComputeDesign@linuxrocks.online
2025-12-12T03:51:54Z
1 likes, 0 repeats
@trevdev Because it adds absolutely no security to the majority of the internet. Only stuff like banking websites, shopping carts, and secure chat apps benefit at all from going over HTTPS instead of plain HTTP
(DIR) Post #B2IyO40FUj3W4XtFxY by randrews@somewhy.net
2025-12-12T06:04:54Z
0 likes, 0 repeats
@OpenComputeDesign @trevdev Not just those, anything the user might not want network operators aware that they're looking at, anything that might be private. Which still isn't everything but it's a broader set.
(DIR) Post #B2IyO5Gwm80U0ci6cq by OpenComputeDesign@linuxrocks.online
2025-12-12T06:07:29Z
0 likes, 0 repeats
@randrews @trevdev Well, the biggest issue for the vast, vast majority of the internet is the URL. HTTPS does not fix DNS
(DIR) Post #B2IyO6SgLyzJhJCzYW by light@noc.social
2025-12-12T21:42:54Z
0 likes, 0 repeats
@OpenComputeDesign EncryptedClientHello? And HTTPS does encrypt the path. @randrews @trevdev
(DIR) Post #B2IyO7GfM8yECKauSu by OpenComputeDesign@linuxrocks.online
2025-12-12T22:07:25Z
0 likes, 0 repeats
@light @randrews @trevdev I've been reading up on it, and it looks like DNS over HTTPS _does_, but then TLS actually provides its own unencrypted path that can be snooped, although it looks like there have been efforts to encrypt that as well, although there appears to still be debate as to how well it's been done. And plus there are still IP addresses, though there's debate about how well the sites you visit can really be tracked through those these days, and I think I'm too deep plzhlp
(DIR) Post #B2IyO85MJfWIjYJOTo by randrews@somewhy.net
2025-12-12T22:12:19Z
0 likes, 0 repeats
@OpenComputeDesign @light @trevdev I think if you need _perfect_ privacy then yeah https isn't gonna cut it, even tor won't work. 1/2.
(DIR) Post #B2IyO8xF5KcbQfWQT2 by randrews@somewhy.net
2025-12-12T22:12:28Z
0 likes, 0 repeats
@OpenComputeDesign @light @trevdev 2/2 My thing is more, I don't think that makes https useless: someone snooping my traffic on hotel wifi will see some encrypted packets going to cloudflare for a dns-over-https query, then some more encrypted packets going to an address in probably-AWS. Whereas without that, they'd see a plaintext DNS query for whatever.com, followed by an HTTP GET / to whatever.com. Significantly easier
(DIR) Post #B2IyO9rxgRzYGa3isK by otso@tsundere.love
2026-01-15T09:38:33.965282Z
0 likes, 0 repeats
@randrews @OpenComputeDesign @light @trevdev it's super sus that android has hardcoded the dns over https feature to only work for google and cloudflare. You need to input dns.google or dns.cloudflare-dns.com respectively in the os settings. You can't pick another provider. Those two providers are 100% compromised and logging queries because the government can just tell them to and make them not disclose it, all while they legally boast of a no-log policy. It's a scam. DoH is an effective protocol, but the deployment is malicious and counterintuitive.